In the Javascript version of Facebook SDK for web development, when a user is logged in Facebook, I’ll get the user access token and a signed request string. The signed request string helps verify the correctness of the token at my backend:
FB.getLoginStatus(function(response) {
if (response.status === ‘connected’) {
sendToMyBackendForVerifyAndStore(response.authResponse.accessToken,
response.authResponse.signedRequest);
}
});
When using Expo.Facebook.logInWithReadPermissionsAsync, there seems no such mechanism to ensure the correctness of access token. Do we always trust the result and store these data at backend?
reference: